DNSO General Assembly
IANA access to TLD zone files
Last update: 2002-10-18
Zone files are the authoritative sources of information in the DNS.
A zone file is composed of so-called resource records which can (1)
provide authoritative information (e.g., "www.example.com is at 192.168.1.10"),
(2) provide pointers to sources for authoritative information (delegations,
e.g., "information about example.com is available from ns1.example.com
and from ns2.example.com"), or (3) contain non-authoritative glue records
("by the way, ns1.example.com is at 10.2.3.4, and ns2 is at 192.168.1.9")
which are used to actually access the listed name servers.
On the TLD and root levels, zone file content is normally limited
to name server information (technically called "delegations") and glue
Zone files are shared between the redundant servers which provide name service for any given domain. The query by which the transmission of a zone file from a name server is requested is commonly known as "AXFR", after the corresponding DNS query type. (See RFC 1035, section 3.2.3.)
For some time, name servers have made AXFR access available to everyone
who'd ask. For the rather common BIND name server, access to
zone files can be controlled by using the xfrnets directive introduced
in bind-4.9.2 (released in February 1994; source:
bind-4.9.5 changelog) or its more fine-grained successors in the more
recent bind 8 releases.
Nowadays, it is relatively common that name servers do not make the full zone files they are serving available, except for the use by the domain's secondary servers.
Zone file policy
Access to zone files (by AXFR or other means) has become a policy
issue due to its role in the process used by IANA when the name servers
authoritative for a ccTLD are updated in the root zone. In ICP-1 and a companion FAQ document
, IANA asserts that, as a matter of policy, TLDs have an obligation
to make zone files available to IANA for checking, at the point of time
of an update of the TLD's delegation.
This is currently
disputed by various members of the ccTLD community, who do not make
access to their zone files available to IANA.
As a consequence of this dispute, IANA has not yet
implemented a number of pending delegation updates.
The panel will consider two questions:
The panel session will be structured into four segments:
The panel will consist of participants from the ccTLD constituency,
IANA staff, and the Security Advisory Committee.
Contact: Thomas Roessler <firstname.lastname@example.org>